OVAL

SUSE-SU-2023:0634-1 -- SLES kernel

ID: oval:org.secpod.oval:def:89048663
Date: (C)2023-04-11   (M)2024-04-25
Class: PATCH
Family: unix




The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

* CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen.
* CVE-2017-5754: Fixed speculative side channel attacks on various CPU platforms.
* CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver.
* CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set.
* CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system.
* CVE-2023-0590: Fixed race condition in qdisc_graft.
* CVE-2022-2991: Fixed a heap-based overflow in the lightnvm implementation.
* CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a privilege escalation to gain ring0 access from the system user.
* CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem.

The following non-security bugs were fixed:

* add 00f3ca2c2d66
* add 0b3d6e6f2dd0 mm: writeback: use exact memcg dirty counts
* add 168e06f7937d kernel/hung_task.c: force console verbose before panic
* add 1f4aace60b0e
* add 304ae42739b1 kernel/hung_task.c: break RCU locks based on jiffies
* add 401c636a0eeb kernel/hung_task.c: show all hung tasks before panic
* add Tegra repository to git_sort.
* add a1c6ca3c6de7 kernel: hung_task.c: disable on suspend
* add c3cc39118c36 mm: memcontrol: fix NR_WRITEBACK leak in memcg and system stats
* add c892fd82cc06 mm: memcg: add __GFP_NOWARN in __memcg_schedule_kmem_cache_create
* add e27be240df53 mm: memcg: make sure memory.events is uptodate when waking pollers
* add support for enabling livepatching related packages on -RT
* add suse-kernel-rpm-scriptlets to kmp buildreqs
* amiflop: clean up on errors during setup.
* audit: ensure userspace is penalized the same as the kernel when under pressure.
* audit: improve robustness of the audit queue handling.
* bcache: fix super block seq numbers comparision in register_cache_set.
* blk-cgroup: Fix memleak on error path.
* blk-cgroup: Pre-allocate tree node on blkg_conf_prep.
* blk-cgroup: fix missing put device in error path from blkg_conf_pref.
* blk-mq: fix possible memleak when register "hctx" failed.
* blk-mq: insert request not through ->queue_rq into sw/scheduler queue.
* blk-mq: move cancel of requeue_work into blk_mq_release.
* blktrace: Fix output non-blktrace event when blk_classic option enabled.
* blktrace: break out of blktrace setup on concurrent calls.
* blktrace: ensure our debugfs dir exists.
* blktrace: fix endianness for blk_log_remap.
* blktrace: fix endianness in get_pdu_int.
* blktrace: use errno instead of bi_status.
* block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group.
* block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group.
* block, bfq: increase idling for weight-raised queues.
* block, bfq: protect "bfqd->queued" by "bfqd->lock".
* block, bfq: protect "bfqd->queued" by "bfqd->lock".
* block/bio-integrity: do not free "buf" if bio_integrity_add_page failed.
* block/bio-integrity: fix a memory leak bug.
* block/swim: Check drive type.
* block/swim: Do not log an error message for an invalid ioctl.
* block/swim: Fix IO error at end of medium.
* block/swim: Rename macros to avoid inconsistent inverted logic.
* block/swim: Select appropriate drive on device open.
* block: Fix use-after-free issue accessing struct io_cq.
* block: add a lower-level bio_add_page interface.
* block: bio-integrity: Copy flags when bio_integrity_payload is cloned.
* block: fix memleak when __blk_rq_map_user_iov is failed.
* block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR.
* brd: check and limit max_part par.
* compat_ioctl: block: handle BLKGETZONESZ/BLKGETNRZONES.
* constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit.
* cpu/hotplug: Fix "SMT disabled by BIOS" detection for KVM.
* cryptoloop: add a deprecation warning.
* d6810d730022
* dm bio record: save/restore bi_end_io and bi_integrity.
* dm btree: add a defensive bounds check to insert_at.
* dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort.
* dm cache: Fix UAF in destroy.
* dm cache: set needs_check flag after aborting metadata.
* dm crypt: use u64 instead of sector_t to store iv_offset.
* dm flakey: Properly corrupt multi-page bios.
* dm ioctl: fix misbehavior if list_versions races with module loading.
* dm ioctl: prevent potential spectre v1 gadget.
* dm kcopyd: Fix bug causing workqueue stalls.
* dm raid: avoid bitmap with raid4/5/6 journal device.
* dm space map common: add bounds check to sm_ll_lookup_bitmap.
* dm space maps: do not reset space map allocation cursor when committing.
* dm table: Remove BUG_ON.
* dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata.
* dm thin: Fix UAF in run_timer_softirq.
* dm thin: Use last transaction's pmd->root when commit failed.
* dm thin: add sanity checks to thin-pool and external snapshot creation.
* dm thin: resume even if in FAIL mode.
* dm verity: skip verity work if I/O error when system is shutting down.
* dm verity: use message limit for data block corruption message.
* dm zoned: return NULL if dmz_get_zone_for_reclaim fails to find a zone.
* dm: Use kzalloc for all structs with embedded biosets/mempools.
* do not dump the threads that had been already exiting when zapped.
* drbd: Change drbd_request_detach_interruptible's return type to int.
* drbd: destroy workqueue when drbd device was freed.
* drbd: do not block when adjusting "disk-options" while IO is frozen.
* drbd: dynamically allocate shash descriptor.
* drbd: fix potential silent data corruption.
* drbd: fix print_st_err's prototype to match the definition.
* drbd: ignore "all zero" peer volume sizes in handshake.
* drbd: reject attach of unsuitable uuids even if connected.
* drbd: remove usage of list iterator variable after loop.
* drbd: use after free in drbd_create_device.
* drivers/block/zram/zram_drv.c: fix bug storing backing_dev.
* drivers:md:fix a potential use-after-free bug.
* ext4: Detect already used quota file early.
* ext4: Fixup pages without buffers.
* ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h.
* ext4: add reserved GDT blocks check.
* ext4: avoid crash when inline data creation follows DIO write.
* ext4: avoid resizing to a partial cluster size.
* ext4: clear mmp sequence number when remounting read-only.
* ext4: continue to expand file system when the target size does not reach.
* ext4: correct max_inline_xattr_value_size computing.
* ext4: correct the misjudgment in ext4_iget_extra_inode.
* ext4: do not BUG if someone dirty pages without asking ext4 first.
* ext4: fix a data race at inode->i_disksize.
* ext4: fix argument checking in EXT4_IOC_MOVE_EXT.
* ext4: fix extent status tree race in writeback error recovery path.
* ext4: fix null-ptr-deref in ext4_write_info.
* ext4: fix race when reusing xattr blocks.
* ext4: fix undefined behavior in bit shift for ext4_check_flag_values.
* ext4: fix use-after-free in ext4_ext_shift_extents.
* ext4: fix use-after-free in ext4_xattr_set_entry.
* ext4: fix warning in "ext4_da_release_space".
* ext4: make ext4_lazyinit_thread freezable.
* ext4: prohibit fstrim in norecovery mode.
* ext4: recover csum seed of tmp_inode after migrating to extents.
* ext4: unindent codeblock in ext4_xattr_block_set.
* ext4: update s_overhead_clusters in the superblock during an on-line resize.
* ext4: use matching invalidatepage in ext4_writepage.
* floppy: Add max size check for user space request.
* ftrace: Enable trampoline when rec count returns back to one.
* ftrace: Fix NULL pointer dereference in free_ftrace_func_mapper.
* ftrace: Fix updating FTRACE_FL_TRAMP.
* ftrace: fpid_next should increase position index.
* git_sort: add usb-linus branch for gregkh/usb
* gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp.
* hid: betop: check shape of output reports.
* hid: betop: fix slab-out-of-bounds Write in betop_probe.
* hid: check empty report_list in hid_validate_values.
* iforce: restore old iforce_dump_packet.
* input: convert autorepeat timer to use timer_setup.
* input: do not use WARN in input_alloc_absinfo.
* input: i8042 - Add quirk for Fujitsu Lifebook T725.
* input: iforce - reformat the packet dump output.
* input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag. Heavily modified, as prerequisites for taking it as is would utterly ruin kABI
* input: replace hard coded string with __func__ in pr_err.
* input: switch to using sizeof when allocating memory.
* input: use seq_putc in input_seq_print_bitmap.
* input: use seq_puts in input_devices_seq_show.
* ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module.
* ipmi: Move remove_work to dedicated workqueue.
* ipmi: fix memleak when unload ipmi driver.
* ipmi: fix use after free in _ipmi_destroy_user.
* isofs: reject hardware sector size greater than 2048 bytes.
* jbd2: use the correct print format.
* kABI: cpu/hotplug: reexport cpu_smt_control.
* kbuild: clear LDFLAGS in the top Makefile.
* kernel/sys.c: avoid copying possible padding bytes in copy_to_user.
* kprobes, x86/alternatives: Use text_mutex to protect smp_alt_modules.
* kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth not fault on bad stack.
* loop: Add LOOP_SET_DIRECT_IO to compat ioctl.
* loop: use sysfs_emit in the sysfs xxx show.
* m68k/mac: Do not remap SWIM MMIO region.
* makefile: link with -z noexecstack --no-warn-rwx-segments.
* mbcache: add functions to delete entry if unused.
* mbcache: do not reclaim used entries.
* md/raid1: stop mdx_raid1 thread when raid1 array run failed.
* md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d.
* md: fix a crash in mempool_free.
* md: protect md_unregister_thread from reentrancy.
* memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc failure.
* mm/filemap.c: clear page error before actual read.
* module: Do not wait for GOING modules.
* nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag.
* nbd: Fix NULL pointer in flush_workqueue.
* nbd: Fix hung when signal interrupts nbd_start_device_ioctl.
* nbd: add a flush_workqueue in nbd_start_device.
* nbd: add missing config put.
* nbd: call genl_unregister_family first in nbd_cleanup.
* nbd: do not requeue the same request twice.
* nbd: fix a block_device refcount leak in nbd_release.
* nbd: fix crash when the blksize is zero.
* nbd: fix io hung while disconnecting device.
* nbd: fix max number of supported devs.
* nbd: fix possible sysfs duplicate warning.
* nbd: fix race between nbd_alloc_config and module removal.
* nbd: fix shutdown and recv work deadlock v2.
* nbd: handle racing with error'ed out commands.
* nbd: handle unexpected replies better.
* nbd: make the config put is called before the notifying the waiter.
* nbd: verify socket is supported during setup.
* nbd:fix memory leak in nbd_get_socket.
* net/ethernet/freescale: rework quiesce/activate for ucc_geth.
* net/mlx5e: Set of completion request bit should not clear other adjacent bits.
* net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path.
* net: USB: Fix wrong-direction WARNING in plusb.c.
* net: allwinner: Fix use correct return type for ndo_start_xmit.
* net: bcmgenet: suppress warnings on failed Rx SKB allocations.
* net: bmac: Fix read of MAC address from ROM.
* net: dsa: mv88e6xxx: Allow dsa and cpu ports in multiple vlans.
* net: mana: Fix IRQ name - add PCI and queue number.
* net: qed*: Reduce RX and TX default ring count when running inside kdump kernel.
* net: stmmac: Fix sub-second increment.
* net: systemport: suppress warnings on failed Rx SKB allocations.
* net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990.
* net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920.
* net: usb: lan78xx: do not modify phy_device state concurrently.
* net: usb: qmi_wwan: Add support for Dell DW5829e.
* net: usb: qmi_wwan: add Quectel RM520N.
* net: usb: sr9700: Handle negative len.
* null_blk: Handle null_add_dev failures properly.
* null_blk: fix spurious IO errors after failed past-wp access.
* panic: unset panic_on_warn inside panic.
* parisc: Fix HP SDC hpa address output.
* parisc: Fix serio address output.
* pci/aspm: Correct LTR_L1.2_THRESHOLD computation.
* pci/aspm: Declare threshold_ns as u32, not u64.
* pci/sysfs: Fix double free in error path.
* pci: Check for alloc failure in pci_request_irq.
* pci: Fix pci_device_is_present for VFs by checking PF.
* pci: Fix used_buses calculation in pci_scan_child_bus_extend.
* pci: Sanitise firmware BAR assignments behind a PCI-PCI bridge.
* prlimit: do_prlimit needs to have a speculation check.
* ps3disk: use the default segment boundary.
* ptrace: make ptrace fail if the tracee changed its pid unexpectedly.
* quota: Check next/prev free block number after reading from quota file.
* quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF} quotactls.
* revert "blkdev: check for valid request queue before issuing flush".
* revert "dm cache: fix arm link errors with inline".
* revert "scsi: core: run queue if SCSI device queue isn't ready and queue is idle".
* rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_* Dummy gcc pretends to support -mrecord-mcount option but actual gcc on ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in check failure. As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT in the exception list, replace them with a general pattern. And add OBJTOOL as well.
* rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.
* rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs This makes in-tree KMPs more consistent with externally built KMPs and silences several rpmlint warnings.
* rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
* rsxx: add missed destroy_workqueue calls in remove.
* sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up.
* sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up.
* sbitmap: fix lockup while swapping.
* scripts/CKC: Do not use empty branches file Do not use it and do not write neither.
* scripts/CKC: Make checker more specific
* scripts/CKC: Make checker script download branches.conf Requires curl, downloads and caches the branches.conf file.
* scripts/CKC: do not output from shopt shopt outputs the status of the flag, so that git grep looks like: git grep -qi "nocasematch off ^References:. _bsc#1202195 " remotes/origin/SLE15-SP2-RT -- "patches._" I do not know how it can work, but it's not definitely OK. So make shopt in term2regex quiet.
* scripts/CKC: simplify print_branch AFAIU, it's simply: printf "%-23s"
* scripts/CKC: store local branches with $USER prefix So that on shared machines, it can be overwritten when expires.
* scripts/CKC: test accepts only =, not == And put $1 into "" too.
* scripts/git_sort/git_sort.py: Add arm-soc for-next tree.
* scripts/wd-functions.sh: fix get_branch_name in worktree Instead of using a hard-coded path for the git directory, use git rev-parse with --git-dir flag, introduced since 0.99.7, to find the git directory so branch name can be correctly detected while in git worktrees.
* scsi: fcoe: Fix possible name leak when device_register fails.
* scsi: fcoe: Fix transport not deattached when fcoe_if_init fails.
* scsi: hpsa: Fix allocation size for scsi_host_alloc.
* scsi: hpsa: Fix error handling in hpsa_add_sas_host.
* scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device.
* scsi: hpsa: Fix possible memory leak in hpsa_init_one.
* scsi: ipr: Fix WARNING in ipr_init.
* scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add.
* scsi: qla2xxx: Check if port is online before sending ELS.
* scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests.
* scsi: qla2xxx: Fix IOCB resource check warning.
* scsi: qla2xxx: Fix erroneous link down.
* scsi: qla2xxx: Fix exchange oversubscription.
* scsi: qla2xxx: Fix exchange oversubscription for management commands.
* scsi: qla2xxx: Fix link failure in NPIV environment.
* scsi: qla2xxx: Fix printk format string.
* scsi: qla2xxx: Fix stalled login.
* scsi: qla2xxx: Make qla_trim_buf and __qla_adjust_buf static.
* scsi: qla2xxx: Relocate/rename vp map.
* scsi: qla2xxx: Remove dead code.
* scsi: qla2xxx: Remove dead code.
* scsi: qla2xxx: Remove dead code.
* scsi: qla2xxx: Remove increment of interface err cnt.
* scsi: qla2xxx: Remove the unused variable wwn.
* scsi: qla2xxx: Remove unintended flag clearing.
* scsi: qla2xxx: Select qpair depending on which CPU post_cmd gets called.
* scsi: qla2xxx: Simplify if condition evaluation.
* scsi: qla2xxx: Update version to 10.02.08.100-k.
* scsi: qla2xxx: Update version to 10.02.08.200-k.
* scsi: qla2xxx: Use a variable for repeated mem_size computation.
* scsi: qla2xxx: edif: Fix clang warning.
* scsi: qla2xxx: edif: Fix performance dip due to lock contention.
* scsi: qla2xxx: edif: Fix stall session after app start.
* scsi: qla2xxx: edif: Reduce memory usage during low I/O.
* scsi: scsi_debug: Fix a warning in resp_write_scat.
* scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper.
* scsi: smartpqi: use processor ID for hwqueue for non-mq case.
* scsi: snic: Fix possible UAF in snic_tgt_create.
* scsi: target: core: Add CONTROL field for trace events.
* sctp: fail if no bound addresses can be used for a given scope.
* signal handling: do not use BUG_ON for debugging.
* struct dwc3: move new members to the end.
* sunrpc: make lockless test safe.
* sunvdc: Do not spin in an infinite loop when vio_ldc_send returns EAGAIN.
* swim: fix cleanup on setup error.
* tracing/cfi: Fix cmp_entries_* functions signature mismatch.
* tracing: Adding NULL checks for trace_array descriptor pointer.
* tracing: Ensure trace buffer is at least 4096 bytes large.
* tracing: Fix a kmemleak false positive in tracing_map.
* tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line.
* tracing: Fix sleeping function called from invalid context on RT kernel.
* tracing: Fix stack trace event size.
* tracing: Fix tp_printk option related with tp_printk_stop_on_boot.
* tracing: Make sure trace_printk can output as soon as it can be used.
* tracing: Set kernel_stack's caller size properly.
* tracing: Use address-of operator on section symbols.
* tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate.
* trigger_next should increase position index.
* udf: Avoid accessing uninitialized data on failed inode read.
* udf: Check LVID earlier.
* udf: Fix BUG on corrupted inode.
* udf: Fix NULL pointer dereference in udf_symlink function.
* udf: Fix a slab-out-of-bounds write bug in udf_find_entry.
* udf: Fix free space reporting for metadata and virtual partitions.
* udf: Limit sparing table size.
* udf: fix silent AED tagLocation corruption.
* udf_get_extendedattr had no boundary checks.
* usb: dwc3: Disable phy suspend after power-on reset.
* usb: dwc3: core: Call dwc3_core_get_phy before initializing phys.
* usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init during suspend/resume.
* usb: dwc3: core: initialize ULPI before trying to get the PHY.
* usb: dwc3: fix PHY disable sequence.
* usb: dwc3: gadget: Fix event pending check.
* usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe.
* usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling.
* usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe.
* usb: serial: ch341: fix disabled rx timer on older devices.
* usb: serial: console: move mutex_unlock before usb_serial_put.
* virtio-blk: Fix memory leak among suspend/resume procedure.
* virtio_console: break out of buf poll on remove.
* virtio_console: eliminate anonymous module_init module_exit.
* x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk.
* x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models.
* x86/asm: Add instruction suffixes to bitops.
* x86/asm: Remove unnecessary \n\t in front of CC_SET from asm templates.
* x86/bugs: Move the l1tf function and define pr_fmt properly.
* x86/earlyprintk: Add a force option for pciserial device.
* x86/entry/64: Add instruction suffix.
* x86/fpu: Add might_fault to user_insn.
* x86/hpet: Prevent potential NULL pointer dereference.
* x86/kexec: Do not setup EFI info if EFI runtime is not enabled.
* x86/mce-inject: Reset injection struct after injection.
* x86/mce/mce-inject: Preset the MCE injection struct.
* x86/mce: Fix -Wmissing-prototypes warnings.
* x86/mm: Do not leak kernel addresses.
* x86/speculation: Add support for STIBP always-on preferred mode.
* x86/speculation: Change misspelled STIPB to STIBP.
* x86: boot: Fix EFI stub alignment.
* x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments.
* xen-netfront: Fix hang on device removal.
* xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init.
* xfs: Fix bulkstat compat ioctls on x32 userspace.
* xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init.
* xfs: fix attr leaf header freemap.size underflow.
* xfs: fix leaks on corruption errors in xfs_bmap.c.
* xfs: fix mount failure crash on invalid iclog memory access.
* xfs: fix partially uninitialized structure in xfs_reflink_remap_extent.
* xfs: fix realtime bitmap/summary file truncation when growing rt volume.
* xfs: fix use-after-free race in xfs_buf_rele.
* xfs: initialize the shortform attr header padding entry.
* xfs: make sure the rt allocator does not run off the end.
* xfs: require both realtime inodes to mount.
* xhci: Do not show warning for reinit on known broken suspend.
* zram: fix double free backing device.

## Special Instructions and Notes:

* Please reboot the system after installing this update.

Platform:
SUSE Linux Enterprise Server 12 SP5
Product:
kernel
Reference:
SUSE-SU-2023:0634-1
CVE-2017-5754
CVE-2021-4203
CVE-2022-2991
CVE-2022-36280
CVE-2022-4662
CVE-2022-47929
CVE-2023-0045
CVE-2023-0266
CVE-2023-0590
CPE:
cpe:/o:suse:suse_linux_enterprise_server:12:sp5
cpe:/o:linux:linux_kernel

© SecPod Technologies